Calif. Mandates Obligatory Privacy Disclosures for Mobile Apps

California Attorney General Kamala D. Harris said Wednesday that that she had convinced the Web's top app marketplace providers to require app developers to prominently post privacy policies on app download pages.

California Attorney General Kamala D. Harris said Wednesday that that she has convinced the Web's top app marketplace providers to require app developers to prominently post privacy policies on app download pages.

The agreement covers Amazon, Apple, Google, Hewlett-Packard, Microsoft, and Research In Motion, Harris said - the top platforms and marketplaces for mobile apps. The agreement with the platforms is designed to ensure that mobile apps comply with the California Online Privacy Protection Act.

According to the agreement, the most important change is that app developers will be forced to write a privacy policy for their app, which must be posted in a consistent spot on the app download page, so that consumers will be able to read it before actually purchasing it.

But the agreement is also an aggressive extension of the power of the state of California. Harris said that part of the agreement was a recognition that the state's laws will govern the app stores' operation in the state, and will apply if any California consumer wishes to use the app, regardless of where the developer is located.

"What we are announcing today is global in scope," Harris said in a press conference.

That will mean the estimated 600,000 applications for sale in the Apple App Store, plus the additional 400,000 for sale in Google's Android Market, will all have privacy policies attached. As a 2011 study indicated, few actually have privacy policies attached.

When will these privacy policies begin popping up? Harris said she did not have an official timeline.

The agreement covers four principles, Harris said: a recognition that California privacy laws apply to mobile apps; that there needs to be transparency about privacy in those apps; that there needs to be an increase in the awareness of how app developers regard, and respect, privacy; and an agreement in principle that there will be penalties if those app developers do not comply with the law.

"What we know is smartphones are everywhere and they are rich in data," Harris said at a press conference. "What we are concerned with is that they contain a user's phone number, email, and address book. That information is there as well. What we do know is that there are apps, once downloaded, will download that consumers' contact book, and we think consumers don't want that."

Consumers have a right to be informed, Harris said. "That is what is at play here, giving the consumer the control," she said.

If developers do not comply with their stated privacy policies, they can be prosecuted under California's Unfair Competition Law and/or False Advertising Law, Harris said. "We can sue, and we will sue," Harris said at a press conference.

Possible penalties could include $5,000 per use, Harris said. "Everyone should assume and be on notice that we are ready to do this immediately," Harris said on when prosecutions should begin.

In six months, Harris will convene the mobile application platforms to assess privacy in the mobile space.

"California has a unique commitment to protecting the privacy of our residents. Our constitution directly guarantees a right to privacy, and we will defend it," Harris said in a statement. "Forging this common statement of mobile privacy principles shows the power of collaboration  among government, industry and consumers  to create solutions to problems no one group can tackle alone."

Harris said that the privacy policies also need to be written in such a way that they could be understood, a counter to data that users don't actually read the privacy policies, because they're too long. The privacy policy must be present, available to be viewed and read, and also written in a way that it "can be understood," Harris said. Harris said that her office would operate in "good faith" on these points.

Path and privacy
The agreement that Harris brokered can be tied back to the debacle surrounding Path, an app that covertly uploaded a user's contact information to better link the app's user to other friends. Path's chief executive, Dave Morin, apologized. Other app developers were also found to also use customer information without a full disclosure, some taking advantage of Apple's address book policy.

Apple subsequently agreed to change its practice. "Apps that collect or transmit a user's contact data without their prior permission are in violation of our guidelines," an Apple spokesman said earlier this month. "We're working to make this even better for our customers, and as we have done with location services, any app wishing to access contact data will require explicit user approval in a future software release."

Twitter, which allows users to upload contact information so that the service can find friends - the purpose to which Path said it used contacts, as well - also said it would change the language of its notifications from "Scan your contacts" to "Upload your contacts" and "Import your contacts" in Twitter for iPhone and Twitter for Android, respectively.

This isn't the first time Harris has stepped in to provide better protections to the state's consumers. In December, Harris formed an e-crimes unit to tackle identity theft within the state. The unit was formed as a response to the growing number of technology crimes in the state, including identity theft. California ranked highest of all states in the number of identity thefts reported last year, more than 1 million, according to the FTC. The per-capita rate of identity thefts was also highest in the nation.

About the Author

Mark Hachman Mark joined ExtremeTech in 2001 as the news editor, after rival CMP/United Media decided at the time that online news did not make sense in the new millennium.
Mark stumbled into his career after discovering that writing the great American novel did not pay a monthly salary, and that his other possible career choice, physics, require... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.